Announcement Announcement Module
Collapse
No announcement yet.
Security and i18n not cooperating Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security and i18n not cooperating

    I posted the same question here, but so far haven't had any luck with fielding any suggestions.

    When a user navigates to my home page and the url contains ?langId=fr_FR the site language changes to French as expected. However, after an unsuccessful attempt is made to log in, the home page language is no longer French and changes back to English. Once a user as logged in (English version) if I add the ?langId=fr_FR parameter to the url the site will change to French and vice versa; adding ?langId=en_US changes it to English.

    From other sources on the web I have found it sounds this should be pretty cut and dry. So, I am likely missing/overlooking something easy with this issue. I have found others who implemented fixes relating to my issue successfully here and here.

    I also tried to add a filter before the springSecurityFitlerChain in the web.xml as noted in the documentation. While the filter is called and it does receive the langId=fr_FR. Once I provide invalid log in credentials the parameter is then lost and the page changes to English.

    Here is my current configuration. Any suggestions or thoughts on what I might be missing or just simply doing wrong is appreciated!

    controller-config

    Code:
    <bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver" >
        <property name="defaultLocale" value="en" />
     </bean>
    
    <mvc:interceptors>
         <bean  class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
            <property name="paramName" value="langId" ></property>
        </bean>
    </mvc:interceptors>
    
    
    <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource" >
        <property name="basenames" >
            <util:list>
                <value>resourcebundles-ui</value>
            </util:list>
        </property>
    </bean>

    security-config

    Code:
    <security:http pattern="/whoami.jsp" security="none"/>
    <security:http pattern="/cachemanager.jsp" security="none"/>
    <security:http pattern="/logon.html"   security="none"/>
    
    <security:http pattern="/security/**" security="none"/>
    <security:http pattern="/media/**"  security="none"/>
    <security:http pattern="/userprofile/displayCreateUserProfileForm.html**" security="none" />
    <security:http pattern="/userprofile/submitCreateUserProfileForm.html" security="none"  />
    
    <security:http auto-config="true" use-expressions="true" >
      <security:intercept-url pattern="/logon.html" access="permitAll" />
      <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
      <security:custom-filter ref="accountAccessValidationSecurityFilter" after="LAST" />           
      <security:form-login login-page="/logon.html"
       login-processing- url="/j_edoption_spring_security_check.chk"
         default-target-url="/home/home.html"  always-use-default-target="true" />
    
    <security:logout invalidate-session="true" logout-success-url="/logon.html" logout-  url="/j_spring_security_logout"/>  
        <security:port-mappings>
            <security:port-mapping http="9080" https="9443"/>
        </security:port-mappings>
    </security:http>
    Last edited by cjnkns; Mar 12th, 2013, 01:14 PM.

  • #2
    I was able to get this working and thought I would share for others who go looking as well. Initially, I thought the fix was just a simple spring security configuration issue that I was missing. This still might be the case, but this is what I had to do.

    First, as pointed out in the documentation we need to add the locale to the LocaleContextHolder. To do this I just added a new custom filter to the <http> block in the security xml file.

    Code:
    <security:http pattern="/whoami.jsp" security="none"/>
    <security:http pattern="/cachemanager.jsp" security="none"/>
    <security:http pattern="/logon.html"   security="none"/>
    
    <security:http pattern="/security/**" security="none"/>
    <security:http pattern="/media/**"  security="none"/>
    <security:http pattern="/userprofile/displayCreateUserProfileForm.html**" security="none" />
    <security:http pattern="/userprofile/submitCreateUserProfileForm.html" security="none"  />
    
    <security:http auto-config="true" use-expressions="true" >
      <security:intercept-url pattern="/logon.html" access="permitAll" />
      <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
      <security:custom-filter ref="accountAccessValidationSecurityFilter" after="LAST" />           
      <security:form-login login-page="/logon.html"
       login-processing- url="/j_edoption_spring_security_check.chk"
         default-target-url="/home/home.html"  always-use-default-target="true" />
    
    <security:custom-filter ref="i18nFilter" before="FORM_LOGIN_FILTER" />
    
    <security:logout invalidate-session="true" logout-success-url="/logon.html" logout-  url="/j_spring_security_logout"/>  
        <security:port-mappings>
            <security:port-mapping http="9080" https="9443"/>
        </security:port-mappings>
    </security:http>

    Also, be sure to add the bean definition for your new filter here as well. After that create a new filter (mine extends OncePerRequestFilter) and grab the language param (langId) off the request; add it to the LocaleContextHolder and bingo all is right with the world.

    Code:
       <bean id="i18nFilter" class="com.mycompany.security.filter.LocalizationSecurityFilter">
            <constructor-arg name="localeParam" value="langId"/>
            <constructor-arg name="localeResolver" ref="localeResolver"/>
          </bean>

    Comment

    Working...
    X